/etc/security/passwd flags corruption ?

What can cause corruption of the "flags" fields in /etc/security/
passwd ?
Here is an example: (Weird characters did not paste)
Line 2045: "flags =3D =F6"
Line 2415: "flags =3D )=B0"
Most of the servers where we are having this corruption are AIX 5.2
Thanks,
--Ben

On Nov 24, 4:45 am, Benoit Lefebvre <benoit.lefeb...@gmail.com> wrote:
> What can cause corruption of the "flags" fields in /etc/security/
> passwd ?
>
> Here is an example: (Weird characters did not paste)
> Line 2045: "flags =3D =F6"
> Line 2415: "flags =3D )=B0"
>
> Most of the servers where we are having this corruption are AIX 5.2
>
> Thanks,
> --Ben
weird; anyone manually updating the file ?
what ML are you on ?
what LANG setting are you using ?

On Nov 27, 2:02 pm, Jim.L...@cibc.com wrote:
> On Nov 26, 9:56 am, Benoit Lefebvre <benoit.lefeb...@gmail.com> wrote:
>
>
>
> > On Nov 25, 5:10 pm, Henry <snogfest_hosebe...@yahoo.com> wrote:
>
> > > On Nov 24, 4:45 am, Benoit Lefebvre <benoit.lefeb...@gmail.com> wrote:=
>
> > > > What can cause corruption of the "flags" fields in /etc/security/
> > > > passwd ?
>
> > > > Here is an example: (Weird characters did not paste)
> > > > Line 2045: "flags =3D =F6"
> > > > Line 2415: "flags =3D )=B0"
>
> > > > Most of the servers where we are having this corruption are AIX 5.2
>
> > > > Thanks,
> > > > --Ben
>
> > > weird; anyone manually updating the file ?
> > > what ML are you on ?
> > > what LANG setting are you using ?
>
> > ml: 5200-08
> > lang: EN_US
>
> > No one is updating the file manually.
>
> > --Ben
>
> With respect, how can you be sure that no one is updating this
> file manually? Do you have audit data to prove it?
>
> FWIW my experience is that a lot of tricky problems are caused
> by people doing things that no one was supposed to be doing.
>
> Regards,
> Jim Lane
Well.. I know for sure we have no scripts to edit this file manually..
BUT.. we are using IBM Tivoli Identity Manager and I'm starting to
think this software is causing these problems
It's funny to see that we realised that we had these weird chararcter
when ITIM started to mal-function.
I will continue to investigate on that.. Even our IBM representative
was surprised when I showed this to him he never saw that.
--Ben

KUserI am running Freebsd 5.2.1 . I logged in as root into KDE and used KUser to
reset password for a user.
After that when I tryed to login as root I would get an error:
pam_acct_mng - Account expired.
I loged in in single mode and tryed to change root password now I would
get an error from pwd_mkdb :
Inappropriate file type or format
If i run this command to check the passwd file i get an error:
pwd_mkdb -C /etc/passwd
pwd_mkdb: corrupted entry
pwd_mkdb: at line #1
pwd_mkdb: /etc/passwd: Inappropriate file type or format
The first line in /etc/passd is:
root:*:0:0:Charli...

Password Security and /etc/default/passwdA couple of questions regarding pam_authtok_check and friends.
1) What does the NAMECHECK variable in /etc/default/passwd actually do?
The documentation in the passwd(1) simply repeats the same text found
in /etc/default/passwd, which simply says "do login name checking".
What kind of checking is that then?
2) Where is the password history to deal with variables such as
MAXREPEATS kept? Are just the hashes stored? If so, do I break this
if I change crypt algorithms?
3) If just the hashes are stored, how does MINDIFF work?
As always, I'm looking for actual answ...

/etc/security/user file in AIXI was reviewing the /etc/security/user file in a few AIX machines. I
noticed that the file contains default: and each user id. Somehow, I also
noticed that the settings were different in the default and other user ids.
Under this situation, which settings are working? The settings in default:
or in a specific user id?
For example:
In the default:
maxage = 0
minlen =6
but in an user id:
maxage = 4
minlen = 8
which will work?
I believe the settings specific to each user take precedence over the
default settings.
If you were to create a new user, the default settings ...

Question on Migration of /etc/passwd and SecurityHello:
Just wondering if wanted to migrate users from one host A to B, can I do the
following:
Append the /etc/passwd to /etc/passwd of host B?
What if i throw Shadowed passwd to it? will that work as well (given that
above given scenario will work)?
Being new to HP-UX I was thinking about if that's possible. If it works
that' really bad from sec. perspective I guess, because that means the
encryption does'nt follow the mathematical theory of encryption being
toatally random.
Appreciate your comments.
Vince
Hi Vince
> Just wondering if wanted to migrate users from one ...

Difference between HP Unix and Unix AIXWhat are the difference between HP Unix and HP AIX at command line ???
Is there any ?
dlprogress wrote:
> What are the difference between HP Unix and HP AIX at command line ???
> Is there any ?
>
>
Unless you're getting into system dependent stuff, no, there's no real
difference. However, one real difference is that AIX is an IBM and not
an HP product.
--
Fletcher Glenn
...

user authentication via /etc/passwd|/etc/shadowHi,
I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?
Marco
--
Marco Herrn herrn@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736
Marco Herrn wrote:
> I want to write a program where I authenticate users via the standard
> unix system accounts. I didn't find a module providing this
> functionality. Is there such a module available? If not, how can I
> achieve this?
You need...

How secure is the security from my security form?Hey, I have a question about how secure the following will be....
I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query list.
If there is not, it asks for one.
If there is, it checks to see if the information is valid.
If it is not valid, it deletes the attributes and calls itself again.
If it is valid it sets a particular session variable to be some value and
redirects to the next page.
Every page from there on in will check to see if the session variable is set
and if not will redirect back to the login page.
Are ...

how secure is the security from my security form?Hey, I have a question about how secure the following will be....
I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query list.
If there is not, it asks for one.
If there is, it checks to see if the information is valid.
If it is not valid, it deletes the attributes and calls itself again.
If it is valid it sets a particular session variable to be some value and
redirects to the next page.
Every page from there on in will check to see if the session variable is set
and if not will redirect back to the login page.
Are there any security risks/holes that I should know about?
Thanks in advance,
Aaron
PS I do have access to Tomcat, but have been unable to figure out how to set
it up (this is my first time setting up security for a site) - so if anyone
has any tips/links that information would be most appreciated. Thanks
again.
...

/etc/passwdCan someone tell me how the last field in a record of the /etc/passwd
text file can be executable?
I've noticed that the parent pid of my login shell is 1, the init
process.
Is the init process merely reading this field and executing it?
Thanks
nick <cupofjava1961@aol.com> writes:
> I've noticed that the parent pid of my login shell is 1, the init
> process.
When the parent process of a process goes away, the parent pid is set to
1.
How do you login to your login shell and on which OS?
--
Thorbj�rn Ravn Andersen
I login to slackware using ksh.new (the new Korn shel...

AIX securityHi,
I would like to harden some of our AIX boxes. What are all I need to
do for this.
And here we use "rexec" for executing some of the programs. How can we
avoid this. Is there any alternate secure way for this.
Please suggest me.
Best Regards
Siva.
haisiva@yahoo.com (Krishna) writes:
> Hi,
>
> I would like to harden some of our AIX boxes. What are all I need to
> do for this.
>
> And here we use "rexec" for executing some of the programs. How can we
> avoid this. Is there any alternate secure way for this.
SSH is something you should start be...

Unix AIXWhat is the best way to clear semaphores and shared memory, sometimes
we run those ipcs and ipcrm commands but some of them do not go away
and the server hangs, i would apprecaite a list of commands for unix
aix, we are on version 6.1
Thanks!!
SAPUNIX wrote:
> What is the best way to clear semaphores and shared memory, sometimes
> we run those ipcs and ipcrm commands but some of them do not go away
> and the server hangs
those who do not go away, are they really not in use anymore?
In comp.unix.aix, Sven Mascheck <mascheck@email.invalid> wrote:
>SAPUNIX wrote:
>> What is the best way to clear semaphores and shared memory, sometimes
>> we run those ipcs and ipcrm commands but some of them do not go away
>> and the server hangs
>
>those who do not go away, are they really not in use anymore?
My experience is if they don't go away from properly formatted ipcs / ipcrm
commands, it's because they're tied to processes which are hung waiting on
kernel threads (and basically, defunct).
In which case you need to kill the owning process (which is already dead,
and which probably won't respond to a kill -9 since it's stuck in a kernel
thread) or reboot the box.
SAP is the worst offender in this regard IME. It's the only app I've ever
known people have to constantly clear down shared memory / semaphores for
when it doesn't shut down cleanly.
--
Tony Evans
Saving trees and wasting electrons since 1993
blog...

"Real Name" in /etc/passwd contains +, _ etcIn the passwd file on the server I am using, some names have odd
characters in them, e.g. Fred+ Flinstone
I was curious as to whether anyone know if this was intentional, an
error on the sysadmin's part, etc.
Cheers!
Mitch.
Mitch <spudtheimpaler@hotORgooMAIL.invalid> writes:
> In the passwd file on the server I am using, some names have odd
> characters in them, e.g. Fred+ Flinstone
1) Some systems (like Sun's YP/nis database) use the + to indicate a
reference to a remote data label, but as I recall, it's used before an
'@' and followed by a label name....

Editing /etc/passwd and /etc/shadow doesn't reset password. Why?Ok. I'm very close to getting into the box now, but one thing stands in my way.
(I put up a linux box, dd'ed the drive to another one to play with, restamped
it with the geometry (edvtoc -p) and got it fsck'ed and mounted)
Then I edited out the encrypted password field in /etc/shadow. Figured this
would reset it, but no dice. Still can't get in. (either hitting return at the
login or space) Also tried editing out the field in /etc/passwd, editing out
both, editing out /etc/opasswd and /etc/oshadow
I read somewhere that you could chroot the mounted directory, so I did that
like this:
chroot /mnt /bin/su root
*which works*
but when I run "passwd" from there, it asks me for the old password, even
though I am running as root. I am logged in as root in the shell I mounted the
drive in, and I verified it with "id", which told me UID 0(root),GID3(sys).
I also tried the following:
I have an account on my system I put up to mount the drive, called admin, (my
non-root account) It has a password of "password". So I copied that hash from
the shadow file into the entry for root, and it still wouldn't let me in.
Is there some sort of other user database where the old password is still being
stored?
CHoaglin wrote:
>
>Is there some sort of other user database where the old password is still being
>stored?
>
>
>
/tcb/files/auth/r/root
Have a poke about in this area, you should get the idea of how it hangs
togethe...